Extended Authorization Framework



Instrumentation Application
public void main(...

Instrumentation ClassLoader
defineClass(...

Custom Authorization Deployment Descriptor

Instrumentation Code

Target Class
public class ProfileService



102 



Fig. 1 



Target Class ProfileService 



public Profile getProfile(String profileName, String attributes)
{
    System.out.println("\n*** ProfileService.getProfile entry ***");
    //get attributes associated w/profileName from DB
}
Custom Authorization Deployment Descriptor

<authorizationTarget class="ProfileService">
    <subjectFactory class="ThreadSubjectFactory"/>
    <method name="getProfile">
        <requiredPermission class="com.ibm.resource.security.authProfilePermission">
            <property name="name" value="UserProfile" />
            <property name="actions" value="Read" />
            <property name="attributes" value="attributes" scope="local" />
        </requiredPermission>
        <privilegedAction class="ReadAction">
            <property name="attributes" value="attributes" scope="local" />
        </privilegedAction>
    </method>
</authorizationTarget>



2 



104a 




CODE TARGET CLASS

CODE INSTRUMENTATION APPLICATION AND CLASS LOADER

CODE DEPLOYMENT DESCRIPTOR

COMPILE INSTRUMENTATION CODE

RUN PREPROCESSOR

EXECUTE TARGET APPLICATION



Fig. 4 



Target Class ProfileService — Instrumented Code 



public Profile getProfile(String profileName, String attributes)
{
    System.out.println("\n*** ProfileService.getProfile entry ***");

    /* JAVA LANGUAGE EQUIVALENT OF INSTRUMENTATION
       (It's actually inserted into the target as byte code)
    */

    SubjectFactory subjectFactory = new ThreadSubjectFactory();
    Subject user = subjectFactory.getSubject();

    if (user != null && (System.getProperty("custom_authorization") != null))
    {
        PermissionFactory permissionFactory = (new DefaultPermissionFactory()).getFactory();

        permissionFactory.setProperty("RequiredPermission", "com.ibm.resource.security.authProfil…
        permissionFactory.setProperty("RequiredPermission.name", "UserProfile");
        permissionFactory.setProperty("RequiredPermission.actions", "read");
        permissionFactory.setProperty("RequiredPermission.attributes", attributes);

        PrivilegedActionFactory privilegedActionFactory = (new DefaultPrivilegedActionFactory()).getFactory();
        privilegedActionFactory.setProperty("PermissionFactory", permissionFactory);
        privilegedActionFactory.setProperty("PrivilegedAction", "ReadAction");
        privilegedActionFactory.setProperty("attributes", attributes);

        Subject.doAsPrivileged(user, privilegedActionFactory.getPrivilegedAction(), null);
    }

    /* END INSTRUMENTATION */

    //get attributes associated w/profileName from DB
}

Fig. 5



Byte-code instrumentation could be achieved using BCEL 



SubjectFactory subjectFactory = new ThreadSubjectFactory();
//    6   16:new             #6   <Class ThreadSubjectFactory>
//    7   19:dup
//    8   20:invokespecial   #7   <Method void ThreadSubjectFactory()>

6) CONSTANT_Class[7](name_index = 71)
71) CONSTANT_Utf8[1]("ThreadSubjectFactory")
bcel:
    int subjectFactoryClassIdx = constPool.addClass("ThreadSubjectFactory");
    InstructionList patchEnd = new InstructionList();
    patchEnd.append(new NEW(subjectFactoryClassIdx));

bcel:
    patchEnd.append(new DUP());

7) CONSTANT_Methodref[10](class_index = 6, name_and_type_index = 64)
6) CONSTANT_Class[7](name_index = 71)
71) CONSTANT_Utf8[1]("ThreadSubjectFactory")
64) CONSTANT_NameAndType[12](name_index = 42, signature_index = 43)
42) CONSTANT_Utf8[1]("<init>")
43) CONSTANT_Utf8[1]("()V")
(invokespecial must pop the object reference off the stack...)
bcel:
    int subjectFactoryConstructorIdx = constPool.addMethodref("ThreadSubjectFactory", "<init>", "()V");
    patchEnd.append(new INVOKESPECIAL(subjectFactoryConstructorIdx));

Fig. 6



